MidnightBSD

Advisories for runcms

CVE-2005-0827 MEDIUM

Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allow remote attackers to obtain sensitive information via an invalid parameter to the convertorderbytrans function, which reveals the path in a PHP error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ciamos ciamos 0.9.2_rc1
e-xoops e-xoops 1.05_rev3
runcms runcms 1.1a
CVE-2005-0828 MEDIUM

highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from mainfile.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ciamos ciamos 0.9.2_rc1
e-xoops e-xoops 1.05r3
runcms runcms 1.1a
CVE-2005-1031 MEDIUM

RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), when "Allow custom avatar upload" is enabled, does not properly verify uploaded files, which allows remote attackers to upload arbitrary files.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
e-xoops e-xoops 1.05r3
runcms runcms 1.1a
runcms runcms 1.1
CVE-2005-2691 HIGH

includes/common.php in RunCMS 1.2 and earlier calls the extract function with EXTR_OVERWRITE on HTTP POST variables, which allows remote attackers to overwrite arbitrary variables, possibly allowing execution of arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
runcms runcms 1.2
runcms runcms 1.1a
runcms runcms 1.1
CVE-2005-2692 HIGH

Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) addquery and (2) subquery parameters to the newbb plus module, the forum parameter to (3) newtopic.php, (4) edit.php, or (5) reply.php in the newbb plus module, or (6) the msg_id parameter to print.php in the messages module.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
runcms runcms 1.2
runcms runcms 1.1a
runcms runcms 1.1
CVE-2006-0659 MEDIUM

Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with register_globals and allow_url_fopen enabled, allow remote attackers to execute arbitrary code via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpollrenderer.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
runcms runcms 1.1a
runcms runcms *
runcms runcms 1.1
CVE-2006-0721 HIGH

SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a allows remote attackers to execute arbitrary SQL commands via the to_userid parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
runcms runcms 1.3a2
runcms runcms 1.2
runcms runcms 1.3a
CVE-2006-0875 MEDIUM

Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 allows remote attackers to inject arbitrary web script or HTML via the lid parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
runcms runcms 1.3a2
runcms runcms 1.2
runcms runcms 1.1a
runcms runcms 1.3a
runcms runcms 1.3a5
runcms runcms 1.1
CVE-2006-1216 MEDIUM

Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x allows remote attackers to inject arbitrary web script or HTML via the id parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
runcms runcms 1.3a2
runcms runcms 1.2
runcms runcms 1.1a
runcms runcms 1.3a
runcms runcms 1.3a5
runcms runcms 1.1
CVE-2006-1793 HIGH

Directory traversal vulnerability in runCMS 1.2 and earlier allows remote attackers to read arbitrary files via the bbPath[path] parameter to (1) class.forumposts.php and (2) forumpollrenderer.php. NOTE: this issue is closely related to CVE-2006-0659.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
runcms runcms 1.1a
runcms runcms *
runcms runcms 1.1
CVE-2010-2852 LOW

Cross-site scripting (XSS) vulnerability in modules/headlines/magpierss/scripts/magpie_debug.php in RunCms 2.1, when the Headlines module is enabled, allows remote attackers to inject arbitrary web script or HTML via the url parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
runcms runcms 2.1